diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml
index b553e042..6fb72969 100644
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@@ -56,3 +56,10 @@
     - Restart Apache
   tags:
     - keystone-httpd
+
+- name: Enable/disable mod_ssl for apache2
+  apache2_module:
+    name: ssl
+    state: "{{ (keystone_ssl_enabled | bool) | ternary('present', 'absent') }}"
+  tags:
+    - keystone-httpd
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index a5fc9ed4..3c86f325 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -10,7 +10,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
     CustomLog /var/log/keystone/ssl_access.log combined
     Options +FollowSymLinks
 
-    {% if keystone_ssl_enabled == true %}
+    {% if keystone_ssl_enabled == true -%}
     SSLEngine on
     SSLCertificateFile    {{ keystone_ssl_cert }}
     SSLCertificateKeyFile {{ keystone_ssl_key }}
@@ -35,7 +35,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
     CustomLog /var/log/keystone/ssl_access.log combined
     Options +FollowSymLinks
 
-    {% if keystone_ssl_enabled == true %}
+    {% if keystone_ssl_enabled == true -%}
     SSLEngine on
     SSLCertificateFile    {{ keystone_ssl_cert }}
     SSLCertificateKeyFile {{ keystone_ssl_key }}